In addition to trusting you, the buyer needs to bear a 2.5% fee, however, you do not sign the deposit address using PGP.

Since you are acting as an eescrow, what will happen if your cold storage is hacked? Is there a compensation fund? If not, perhaps signing a message with an address containing more than one Bitcoin will be necessary.
The conversation is not conducted via https://trustee.cash/ so how will the dispute between the two parties be resolved, screenshots can easily be faked.